test_users_absent.yml was using users_absent.json. It has been adapted to
use users.json instead with an additional json_query to get only the names
from users_present.json.

create_users_json.yml has been added to create users.json if it is missing
containing 500 users. It is included by test_users_present.yml and
test_users_absent.yml.

users_present.sh has been renamed to users.sh and modified to create by
default users.json with 1000 users and additional with password and
passwordexpiration in two years.

jmespath has been added to pip install list in
tests/azure/templates/playbook_tests.yml to emable the use of json_query.

The requirement for jmespath has been added to tests/README.md.

Add support for option `name_from_ip` in ipadnszone module.

Since `name_from_ip` has a similar, but not equal, behavior to `name`,
and as the inferred DNS zone might depend on DNS configuration and
can be different than the user expects, it has some limited usage,
and the user must be aware of its effects.

This change to the documentation enhance the documentation including
more details on the attribute usage.

When adding a zone using the option name_from_ip, the user have
little control over the final name of the zone, and if this name
is to be used in further processing in a playbook it might lead to
errors if the inferred name does not match what the user wanted to.

By returning the actual inferred zone name, the name can be safely
used for other tasks in the playbook.

Modified support for processing result of IPA API commands so that
client code can define its own processing and add return values to
self.exit_args based on command result.

If a subclass need to process the result of IPA API commands it should
override the method `process_command_result`. The default implementation
will simply evaluate if `changed` should be true.

IPA CLI has an option `name_from_ip` that provide a name for a zone
from the reverse IP address, so that it can be used to, for example,
manage PTR DNS records.

This patch adds a similar attribute to ipadnszone module, where it
will try to find the proper zone name, using DNS resolve, or provide
a sane default, if a the zone name cannot be resolved.

The option `name_from_ip` must be used instead of `name` in playbooks,
and it is a string, and not a list.

A new example playbook was added:

    playbooks/dnszone/dnszone-reverse-from-ip.yml

A new test playbook was added:

    tests/dnszone/test_dnszone_name_from_ip.yml

Fixed symlinks to be not absolute

Fix ipavault `salt` update.

Fix `allow_create_keytab_host` in service module.

Missing admin passwords in location module.

Tests for module ipalocation failed due to missing ipaadmin_password.

Added the variable to the playbooks, and also fixed the examples and
documentation. Some playbooks had identation fixed to two spaces
instead of one for consistency with other modules.

A test was failing due to use of old ipavault module return structure
and some places on the documentation were alse referring to it. All
ocurrences were fixed.

Modify and add tests to verify that a password change has the correct
effect on ipavault.

When modifying an existing vault to change the value of `salt`, the
password must also change. It is fine to "change" the password to the
same value, thus only changing the salt value.

The generation of a random salt, when one was not provided, was in the
wrong place and being generated too late to be used properly. Also, the
generation of the value was duplicated.

In some scenarios, the value of the vault type is returned as a tuple,
rather than a string, this made some changes to existing vault to fail.
With this change, the vault type is correctly retrieved, if it was not
provided by the user.

New location management module

Add support for parameter `rename` on ipahostgroup.

Modified return value for ipavault module.

Replace `host` to `user` in module ipauser on return value documentation

Fixed error msgs on FreeIPABaseModule subclasses

Allow to manage multiple dnszone entries.

New delegation management module

New selfservice management module

There is a new location management module placed in the plugins folder:

    plugins/modules/ipalocation.py

The location module allows to ensure presence or absence of locations.

Here is the documentation for the module:

    README-location.md

New example playbooks have been added:

    playbooks/location/location-absent.yml
    playbooks/location/location-present.yml

New tests for the module:

    tests/location/test_location.yml

There is a new selfservice management module placed in the plugins folder:

    plugins/modules/ipaselfservice.py

The selfservice module allows to ensure presence and absence of selfservices
and manage selfservice attributes.

Here is the documentation for the module:

    README-selfservice.md

New example playbooks have been added:

    playbooks/selfservice/selfservice-absent.yml
    playbooks/selfservice/selfservice-present.yml
    playbooks/selfservice/selfservice-member-absent.yml
    playbooks/selfservice/selfservice-member-present.yml

New tests for the module:

    tests/selfservice/test_selfservice.yml

There is a new delegation management module placed in the plugins folder:

    plugins/modules/ipadelegation.py

The delegation module allows to ensure presence and absence of delegations
and manage delegation attributes.

Here is the documentation for the module:

    README-delegation.md

New example playbooks have been added:

    playbooks/delegation/delegation-absent.yml
    playbooks/delegation/delegation-present.yml
    playbooks/delegation/delegation-member-absent.yml
    playbooks/delegation/delegation-member-present.yml

New tests for the module:

    tests/delegation/test_delegation.yml

Fixed symlinks to be not absolute, which confuses 'ansible-galaxy collection build' on other systems

Modify old service module tests to use setup and cleanup include
files to make test environment more consistent.

The attribute `allow_retrieve_keytab_host` was not working due to
wrong processing of the input and verification if the values should
be updated. Both the issues are fixed by this change.

Tests were added to better verify service keytab members.

The ipavault module was returning a single string value when retrieving
data. To keep consistency with other modules, it should return a dict
with the `data` variable in it.

This change modifies the result of ipavault to be a dict and also fixes
relevant tests, examples and documentation.

FreeIPA 4.8.7 introduced an option to rename an existing hostgroup.
This patch adds support for renaming hostgroups if the option is
available on installed IPA version.

A new state `renamed` and a new option `rename` (alias: `new_name`)
was added to module `ipahostgroup` to allow renaming of host groups.

The implemented behavior is:
* Rename if `name` exists and `rename` doesn't.
* Do nothing if `name` does not exist and `rename` does, or if
  `name` equals to `rename`. (result.changed is False)
* Fail if neither or both `name` and `rename` exist.

This PR allow ipadnszone module to ensure that multiple dns zones
are absent at once, to be consistent with other ansible-freeipa
modules.

To fix this issue, it was required that custom arguents must be
passed using keyword arguments so that `get_ipa_command_args()`
is kept generic.

Fix some documentation issues.

Replaced occurrences of `service` where `role` was expected, in
both module source code and module README.

The attribute `skip_host_check` was using dashes instead of
underscores, and the certificate examples could not be used
directly due to formatting. These changes fix both issues.

This change fixes a wrong parameter name in the documentation of
RESULT_VALUES, and also provide a correct YAML snippet to ensure
presence of an asymmetric vault with a formatted private key.

When a fail_json is called a SystemExit exeception is raised.
Since the FreeIPABaseModule has an internal context manager to deal
with exceptions this ContextManager captures the SystemExit. After
dealing destroying the kinit session the SystemExit must be raised again
to allow the fail_json to work properly.